Closed
Bug 594760
Opened 15 years ago
Closed 15 years ago
activeContent in nsEventStateManager::PostHandleEvent looks unsafe
Categories
(Core :: DOM: Events, defect)
Tracking
()
People
(Reporter: smaug, Assigned: smaug)
Details
(Whiteboard: [sg:critical?][critsmash:patch])
Attachments
(1 file)
|
1.05 KB,
patch
|
roc
:
review+
roc
:
approval2.0+
dveditz
:
approval1.9.2.11+
dveditz
:
approval1.9.1.14+
|
Details | Diff | Splinter Review |
The variable is nsIContent*, but scripts may run before it is used.
I don't have a testcase, but based on code this might lead to crash when
using image maps and deleting the image element when it gets focus.
Or something like that.
Attachment #473527 -
Flags: review?(roc)
Attachment #473527 -
Flags: approval2.0?
Attachment #473527 -
Flags: approval1.9.2.10?
Attachment #473527 -
Flags: approval1.9.1.13?
Attachment #473527 -
Flags: review?(roc)
Attachment #473527 -
Flags: review+
Attachment #473527 -
Flags: approval2.0?
Attachment #473527 -
Flags: approval2.0+
Updated•15 years ago
|
Whiteboard: [sg:critical?][critsmash:patch]
| Assignee | ||
Updated•15 years ago
|
Assignee: nobody → Olli.Pettay
Comment 1•15 years ago
|
||
Comment on attachment 473527 [details] [diff] [review]
patch
Approved for 1.9.2.11 and 1.9.1.14, a=dveditz
Attachment #473527 -
Flags: approval1.9.2.11?
Attachment #473527 -
Flags: approval1.9.2.11+
Attachment #473527 -
Flags: approval1.9.1.14?
Attachment #473527 -
Flags: approval1.9.1.14+
Updated•15 years ago
|
blocking1.9.1: --- → needed
blocking1.9.2: --- → needed
status1.9.1:
--- → wanted
status1.9.2:
--- → wanted
| Assignee | ||
Comment 2•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/99aa53d645ca
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/2d8e67f58719
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/b48f479bfc99
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•14 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•